A good software firewall for home users should have the following attributes:

* It’s easy to configure.
* It’s frugal with system resources so it doesn’t bog down the computer.
* It doesn’t bug you much.

But not all firewalls are created equal. Let’s look at a few.
Windows Firewall: Built-in Defense

The easiest software firewall you can use is the built-in Windows Firewall. It is a feature of windows XP Service Pack 2 (SP2), a great big security fix that was issued in the summer of 2004.

When you install SP2, it turns on the Windows Firewall. It’s not a very complex piece of software and it’s often criticized for its simplicity. I think it’s a decent security tool because

* It’s easy to turn on. In fact if you have installed SP2, it is on (provided that you haven’t manually turned it off since installing SP2).
* You never hear from it. It silently does its job without needing much user intervention.
* It doesn’t slow the system by any perceivable measure.

Now, the Windows Firewall is not without its critics. It only polices traffic one-way. Inbound traffic is inspected by the software, but data traffic coming from the computer and flowing out to the Internet is not examined. That can be a problem because if there is a virus, spyware, or other malware on your computer trying to communicate with the outside world, Windows Firewall does not catch it on the way out.

The Windows Firewall is included with Service Pack 2 and is easily accessible in the Security Center in the Windows XP Control Panel.

TIP

If you have bought a new computer or have bought and installed a copy of Windows XP since the fall of 2004, you probably already have SP2 installed. If you haven’t installed SP2 yet, what are you waiting for? Do it. Now. See Chapter 8, “Let’s Smash-Proof Windows: Tweak Windows XP Nice and Tight,” to learn how to update your existing copy of Windows XP with SP2. See Chapter 9, “Starting from the Beginning: Wiping a Hard Drive and Rebuilding from the Ground Up,” if you want to scrap your current Windows installation and start over (recommended if you’ve been running XP for a long time or suspect that your security has already been compromised).
Third-Party Software Firewalls

For the best firewall protection possible, install a third-party software firewall. These programs defend a computer in both directions. They inspect data coming into a computer from the outside world and they look at data leaving the computer to ensure it’s valid traffic and not coming from spyware, a Trojan horse, or a worm.

These programs also use a question and answer process to learn your habits. They are particularly bothersome when they are first installed because every time a program attempts to move data across the firewall, an alert is generated by the firewall that requires the computer user to respond.

Here are some of the features that third-party firewalls offer over the built-in Windows Firewall:

* Two-way communication filtering—For outbound communication, it is particularly annoying when a third-party firewall is first installed. But after a few days of clicking Yes or No on a firewall’s dialog boxes, most of the key communication requests have been dealt with and the firewall won’t interrupt quite as much.

ZoneAlarm detects that an antivirus program is trying to access the Internet and alerts the user to allow or deny the request.

CAUTION

Windows Firewall has been drastically improved in Windows XP SP2, so it’s important that you upgrade your system to SP2 if you plan to use Windows XP. Learn how to install SP2 in Chapters 8 and 9.

Good firewalls offer the user recommendations as to how to respond to an alert when it recognizes the program the communication is coming from. Esoteric processes that need to access the Internet, however, can be hard to deal with because they can be somewhat cryptic for the uninitiated.

Communication from outside the firewall is less problematic because, unless the user initiates communication with the outside world, the inbound communication is ignored. The firewall can be triggered to alert the user to severe attacks, but you’d be surprised how often your IP address is probed by someone or something on the outside.
*

Stealth mode—This mode makes the firewall and the computer behind it invisible. Most good firewalls have this feature available and often it’s turned on by default.

Stealth mode works like this: You walk by my house in the middle of the darkest night and you yell, “Is anyone there?” If I turn on the porch light, come out, and say, “Yes, I am here,” you know there’s a house on the block and you can engage me in a conversation. If you’re a bad person, you can find a way into my house by either tricking me or finding an open window or door when I am not looking.

If you yell, “Is anyone there?” as you walk by and I stay in my house and don’t respond, you don’t know I am there, so you keep going. This is the equivalent of a firewall in stealth mode.
* Threat management—Besides playing traffic cop, a software firewall can also offer other threat management features. It can inspect inbound data and compare it to threat signatures to help block virus and spyware infections. It can also be configured to stop you from sharing personal information with fraudulent websites, helping to defend you against phishing.

Explore More

Hacking SOHO Routers

The purpose of this paper is to outline the security measures being taken by vendors to prevent such attacks in their home routing products, what those security measures accomplish, and

ModSecurity

ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making

XSS Injection Vulnerabilities

Cross Site Scripting Overview Cross Site Scripting vulnerabilities are sometimes referred to XSS or CSS vulnerabilities. Typically XSS is preferred over the use of CSS. CSS typically refers to the